What is a Certificate?
An enterprise network certificate, also referred to as an Enterprise SSL Certificate or an Enterprise PKI (Public Key Infrastructure) certificate, is a digital certificate specifically designed for use within a corporate or organizational network. These certificates are issued by a Certification Authority a.k.a. Certificate Authority. They are commonly used to determine whether a device can trust a network or vice versa and are part of a broader framework of digital security used to establish trust, authenticate users and devices, and secure communications within enterprise networks. Contributing to an overall safer network environment.
Example
You can think of certificates like employee badges. If someone has an official employee badge, you would trust them to be working for the organization. Different employees may have different types of badges–some might verify that they are an employee and can access certain areas, and some may verify that you should trust whoever has the badge with elevated permissions or to give you information about security.
Why Use Certificates?
Authentication: Certificates authenticate users and devices, ensuring that only authorized individuals or systems can access the network, reducing the risk of unauthorized entry or data breaches.
Secure Communication: Certificates ensure secure communication by encrypting data and safeguarding sensitive information from unauthorized access or tampering.
Types of Certificates
There are two main types of certificates:
User Certificates
User certificates are used to verify the identity of users and devices on a network.
Some networks want to restrict access to only known users. For example, you have a password on your home WiFi network to make sure you mostly know everyone who is using it. User Certificates are exactly the same thing, with some more control. These certificates authenticate users, adding a layer of security to prevent unauthorized access and allowing the network to verify who's who and allow only the right people or devices in.
If you have a locked-down enterprise network, a User Certificate also lets you know who is accessing the network and in what ways. This is useful for security purposes, as knowing who accesses company resources can help you stay secure.
In almost all cases, a user certificate should be deployed alongside a WiFi network in ManageXR—not installed directly on the device.
Some networks automatically provision user certificates to devices instead of generating them manually. This is usually done via a process called SCEP (Simple Certificate Enrollment Protocol). SCEP is a more advanced way of deploying user certificates, but the end result is the same—a device gets a User Certificate and can log in to a network using the certificate.
Example
Like the example above, a User Certificate is just like an employee badge. It gives you access to the building and verifies that you are who you say you are.
Certificate Authority Certificates (CA)
A CA certificate verifies that an endpoint or system is controlled by the person it says it is. There are many ways to validate the identity of an enterprise network, but a CA Certificate is one of the most secure ones.
A CA certificate is issued by a trusted organization that confirms the system’s identity, especially if using a firewall with a self-signed certificate. You may need a CA Certificate either to connect to a network in the first place, or to successfully use the internet once you are connected. If you use a self-signed certificate on your network, you likely need to add this CA cert to the device as a globally trusted CA.
This digital ID helps ensure that communications within the network are secure, that the involved parties are who they claim to be, and that your data is safe when you're online. This type of certificate is commonly used to ensure secure connections on the internet, for example, when you see "https://" in a web address.
If your device fails to connect to an enterprise network, you may need to add the CA Certificate to the Wireless Network Deployed in ManageXR. However, if you are connected to the network successfully but fail to access the internet, you may need to install the certificate on the device itself.
You will see this if the device is reporting an issue with an untrusted certificate. This is because some wireless networks do fancy things, like using reverse proxies to help keep you safe. These may be used to filter content, and due to how these proxies are configured, a device requires a certificate to be deployed to it to know to trust this network. In this case, you need to deploy the certificate to the device and have it installed at a system level.
Example
This would be like a Security Guard's badge. You can trust *them* to send specific secure information, as opposed to the organization trusting you based on your badge. Knowing that security guards have badges that look a certain way lets you trust them - which is like deploying a CA Certificate to a device.
How do I add a Network Certificate to ManageXR?
This documentation will walk you through adding a network certificate to a WiFi profile on ManageXR or installing it on the system, depending on your needs. If you’re unsure which deployment method is right for you, see the above!
Need more help?
Talk to a member of our team using the chat bubble (in the bottom right of your screen), or reach out to support@managexr.com